We recently reported a security issue affecting an estimated 50M Facebook user accounts between July 2017 and September 2018.
Over the weekend, Facebook issued an update reporting that fewer people were impacted by the theft of access tokens than originally thought.
‘Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen,’ Facebook reported.
Facebook explained that the attack allowed cyber criminals to steal access tokens and take over accounts by using the ‘View As’ feature, which allows people to view how their Facebook page appears to other Facebook users.
Facebook has not ruled out the possibility of smaller-scale attacks, which it is continuing to investigate. The social media giant reminded its customers to visit its Help Centre to check whether they have been affected.
Facebook will also contact affected users to explain what information may have been accessed and the steps users can take to protect themselves from suspicious emails, texts or phone calls.
The ACSC is continuing to investigate the issue with the Office of the Australian Information Commissioner.
Facebook reports that it is cooperating with the US Federal Bureau of Investigation, which is actively investigating the incident.